.svg)
From 6 April 2026, the rules around the Construction Industry Scheme changed. Here's what it means for your site, your supply chain and your liability.
The Construction Industry Scheme has been part of UK construction for decades. But as of the 6th April it looks and feels significantly different, and the shift is more serious than a routine admin update.
HMRC has introduced a package of reforms that raise the stakes for every contractor in the chain. More scrutiny, tougher penalties and a clear expectation that you can demonstrate you know exactly who you're paying and why.
Here's what's changed, and what it means in practice.
The rule that changes everything: "Should Have Known".
Under the new anti-fraud measures, HMRC can pursue any contractor that knew, or should have known, that a payment in their supply chain was connected to fraudulent or non-compliant CIS activity.
Not just the firm that did it. You. Potentially three tiers up, because you didn't ask enough questions.
If a subcontractor in your chain has been paying ghost workers, running false self-employment arrangements, or gaming CIS deductions, and you can't demonstrate you did proper due diligence, you're exposed. The "should have known" standard goes well beyond deliberate fraud. Carelessness, a lack of process, or simply not checking: all of it counts.
Where HMRC decides this test is met, the consequences are significant:
Gross Payment Status removed, immediately
Five-year ban on reapplication (up from one year previously)
Penalties of up to 30% of any lost tax
Directors held personally liable
This isn't a distant risk. It's a live one.
Aaron Vousden
Co-founder, innDex
"The 'should have known' standard is the part most contractors haven't fully reckoned with yet. HMRC isn't just coming for the firms that cut corners, they're coming for everyone up the chain who didn't ask the right questions. The businesses that aren't impacted by this are the ones who can open a single screen and show exactly who was on site, when, verified and paid correctly. That's what we built innDex to do."
NIL Returns are back. What should you do?
The requirement to submit monthly CIS NIL returns, filed when no subcontractor payments have been made, was removed in 2015. From 6 April 2026, it's reinstated.
If you haven't paid any subcontractors in a given month and haven't pre-notified HMRC, you're now required to file a NIL return or face a late filing penalty. The full penalty regime is back in force: an initial £100 fixed penalty, with further charges accruing at six and twelve months for persistent non-filers.
For businesses with seasonal workflows or project gaps, this is an easy one to trip over. The fix is straightforward, but it requires a consistent monthly process and the right reminders in place.
Public sector payments: one less thing to worry about.
But there’s some good news. Payments made to local authorities and qualifying public sector bodies are now fully removed from CIS scope, formalised in legislation as Regulation 24ZA.
If you work on public sector contracts, this removes a layer of unnecessary admin. A small win, but a welcome one.
What HMRC now expects from you.
The firms that will be fine all have one thing in common: they can prove they know who they're paying, and why.
That means two things need to be in order.
1. The site gate
Who actually turned up on site? Are they verified? Documented? Onboarded before they ever touched the job?
The paper trail HMRC will want to see needs to exist, and it needs to be built consistently, from day one. Not a folder of sign-in sheets. An auditable record.
2. The supply chain
Who are you paying for? Through which suppliers? Under what arrangements? Are your CIS determinations documented? Do your timesheets connect cleanly to your invoices and purchase orders?
Compliance doesn't stop at the site gate. The liability can travel up the chain, which means you need visibility and documented process across every tier, not just the workers in front of you.
The same principles apply: know who's there, verify why they're there, and keep a record that holds up.
One connected audit trail. How innDex can help you with this.
innDex helps you stay compliant with the Construction Industry Scheme changes by making worker verification automatic, auditable and built into how your site already runs. Through integrations with CSCS Smart Checks, PPAC and Complete Competence, the platform handles the hard work from the start to completion.
Before a worker sets foot on site, the platform has already done the hard work. PPAC confirms their legal right to work in the UK. The CSCS Smart Checker validates that competency cards are genuine and up to date. And the platform's competency matrix ties it all together, automatically tracking expiries, flagging issues, and building a live compliance record with no manual input
If something doesn't check out at any stage, the induction can't be completed, and site access is blocked.
At the gateOnce at gates, innDex keeps the record going. The access control system cross-checks their data in real time, ensuring only inducted, approved workers can get on site. This process also allows integrated timesheets to connect attendance directly to hours worked and create a clean, continuous trail from onboarding through to payment.
The result: a workforce that arrives verified, compliant, and ready. And a site team that can prove it.
